Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Tamper Protection Settings when App Control and EDR are Installed

EDR: Tamper Protection Settings when App Control and EDR are Installed

Environment

  • EDR Server:  7.4+
  • EDR Windows Sensor:  7.2.0+
  • App Control Agent:  7.x+

Objective

How to properly tamper protect EDR and App Control software when they are both installed on the endpoints.

Resolution

To Tamper Protect EDR Windows sensor software, open the Sensor Group settings > Advanced > Tamper Protect dropdown select Protect.

To Tamper Protect App Control software use this link:  App Control: How to Disable/Enable Tamper Protection

Note: Enabling Tamper Protection for EDR software on both App Control and Carbon Black EDR does not provide extra protection. We recommend that you disable the App Control "Carbon Black EDR Tamper Protection" Rapid config after Carbon Black EDR Tamper Protection enforcement is in place.
 

Additional Notes

  • Requirements for EDR Windows Tamper Protection:
    • Minimum OS Versions of Windows 10 v1703 (Desktop) or Windows Server v1709 (Windows build 15163)
    • Minimum Carbon Black EDR versions of v7.2.0 Windows EDR sensor and
    • v7.4.0 Carbon Black EDR Server
  • Any Windows sensor in a sensor group that has Tamper Protection applied and that does not meet the minimum OS requirements will default to Tamper Detection. VMware Carbon Black App Control Tamper Protection is recommended in these cases. We recommend that you update the tamper rule settings for Carbon Black App Control to the latest Carbon Black EDR Tamper Protection Rapid Config.
  • App Control "Carbon Black EDR Tamper Protection" Rapid config was necessary to protect EDR software prior to EDR's Tamper Protection release.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎05-26-2022
Views:
61
Contributors